Stop devices from phoning home through router with iptables? - eviltoast

I have a router running asuswrt-merlin so I have access to ssh/iptable rules. Is there a way to make a device not able to access an external network or only allow the IP to connect to another IP e.g. 192.168.0.2 -> 192.168.0.3?

I don’t have a router/switch with custom vlan capability, so I was wondering is there another way to do this?

  • Sindef@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I’m not familiar with that OS in particular, but yes, IPTables can restrict egress to certain IP space very simply.

    • Clawkikker@alien.topOPB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      It’s like openwrt or freshtomato firmware but specifically for asus routers. Do you happen to know how to do this? I’ve tried normal rules, but that seems to only apply the router itself rather than the network traffic routing through it.

      • Sindef@alien.topB
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Ah. I’m not sure on that specific setup sorry, but sounds like you may need to check what chains already exist and see if there are ones for the right network interfaces. I’m familiar with IPTables itself only, not the Asus openwrt!

  • BOOZy1@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    If there’s no (usable) iptable option you can always just route the IPs/subets to a non existing gateway.